具有身份验证设置的 Postfix 虚拟邮箱允许从未经身份验证的用户发送邮件
Postfix virtual mailbox with authentication setup allows sending mails from unauthenticated users
我的 postfix 设置有问题,它允许未经身份验证和不存在的用户发送邮件。 Postfix 配置为使用虚拟邮箱。
事情是这样的:
telnet hostname.com 25
Connected to hostname.com.
Escape character is '^]'.
220 hostname.com ESMTP Postfix (Debian/GNU)
ehlo server
250-hostname.com
250-PIPELINING
250-SIZE 52428800
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN CRAM-MD5 LOGIN
250-AUTH=PLAIN CRAM-MD5 LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
正在发送邮件
telnet hostname.com 25
Connected to hostname.com.
Escape character is '^]'.
220 hostname.com ESMTP Postfix (Debian/GNU)
mail from: nonexistinguser@virtual-domain.com
250 2.1.0 Ok
rcpt to: legit-user@virtual-domain.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
hi this is a mail from fake account
.
250 2.0.0 Ok: queued as BE73115761D
quit
221 2.0.0 Bye
Connection closed by foreign host.
后缀配置:
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
readme_directory = no
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_auth_only=no
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
myhostname = hostname.com
mydomain = hostname.com
myorigin=$mydomain
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination =
relayhost =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_sender_restrictions = permit_sasl_authenticated,
reject_unauthenticated_sender_login_mismatch
smtpd_recipient_restrictions = permit_sasl_authenticated,
reject_unauth_destination,
reject_unknown_sender_domain
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth-client
virtual_mailbox_domains = /etc/postfix/vhosts
virtual_mailbox_base = /home/vmail
virtual_mailbox_maps = hash:/etc/postfix/vmaps
virtual_minimum_uid = 1000
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
message_size_limit = 52428800
virtual_mailbox_limit = 0
问题是:我怎么可以不经过身份验证就发送邮件?
Postfix 将接受发送到本地域的邮件。它们可以通过多种方式指定,一种是 main.cf
中的 mydestination
参数。
The mydestination parameter specifies what domains this machine will deliver locally, instead of forwarding to another machine.
如果您尝试使用 telnet 发送到非本地域,您将在发出 rcpt to
命令后收到 Relay access denied
。
我的 postfix 设置有问题,它允许未经身份验证和不存在的用户发送邮件。 Postfix 配置为使用虚拟邮箱。 事情是这样的:
telnet hostname.com 25
Connected to hostname.com.
Escape character is '^]'.
220 hostname.com ESMTP Postfix (Debian/GNU)
ehlo server
250-hostname.com
250-PIPELINING
250-SIZE 52428800
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN CRAM-MD5 LOGIN
250-AUTH=PLAIN CRAM-MD5 LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
正在发送邮件
telnet hostname.com 25
Connected to hostname.com.
Escape character is '^]'.
220 hostname.com ESMTP Postfix (Debian/GNU)
mail from: nonexistinguser@virtual-domain.com
250 2.1.0 Ok
rcpt to: legit-user@virtual-domain.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
hi this is a mail from fake account
.
250 2.0.0 Ok: queued as BE73115761D
quit
221 2.0.0 Bye
Connection closed by foreign host.
后缀配置:
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
readme_directory = no
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_auth_only=no
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
myhostname = hostname.com
mydomain = hostname.com
myorigin=$mydomain
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination =
relayhost =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_sender_restrictions = permit_sasl_authenticated,
reject_unauthenticated_sender_login_mismatch
smtpd_recipient_restrictions = permit_sasl_authenticated,
reject_unauth_destination,
reject_unknown_sender_domain
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth-client
virtual_mailbox_domains = /etc/postfix/vhosts
virtual_mailbox_base = /home/vmail
virtual_mailbox_maps = hash:/etc/postfix/vmaps
virtual_minimum_uid = 1000
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
message_size_limit = 52428800
virtual_mailbox_limit = 0
问题是:我怎么可以不经过身份验证就发送邮件?
Postfix 将接受发送到本地域的邮件。它们可以通过多种方式指定,一种是 main.cf
中的 mydestination
参数。
The mydestination parameter specifies what domains this machine will deliver locally, instead of forwarding to another machine.
如果您尝试使用 telnet 发送到非本地域,您将在发出 rcpt to
命令后收到 Relay access denied
。